CYBERSECURITY AWARENESS AND COMPLIANCE AMONG SMALL AND MEDIUM-SIZED ENTERPRISES (SMES) IN ANAMBRA STATE

Abstract

Background: Small and medium-sized enterprises (SMEs) in Nigeria face unique cybersecurity challenges due to limited resources, lack of dedicated IT personnel, and inadequate security budgets. Despite increasing digitalization of business operations, many SMEs operate without formal cybersecurity policies or structured training programmes, leaving them vulnerable to cyber threats such as phishing, ransomware, and data breaches.
Objective: This study examined the level of cybersecurity awareness among SMEs in Awka South LGA, Anambra State, and identified the factors influencing compliance with cybersecurity regulations and best practices.
Methods: The study adopted a mixed-methods research design. A sample size of 184 respondents was determined using the Taro Yamane formula, drawn from a population of 1,902 registered SMEs in Awka South LGA. A multi-stage sampling procedure was employed to select respondents across seven towns and fourteen business locations. Quantitative data were collected using structured questionnaires and analyzed using descriptive statistics (frequency distributions and percentages), while qualitative data were gathered through six in-depth interviews (IDIs) with business owners and managers and analyzed using thematic analysis. The Technology Acceptance Model (TAM) served as the theoretical framework.
Results: The findings revealed that while 40.9% of respondents reported high awareness of basic cybersecurity practices and 47.7% perceived cyber threats as high risk, only 33.0% had participated in formal cybersecurity training, and 63.6% lacked formal cybersecurity policies. Regarding compliance, lack of funds (39.8%) was the most frequently cited barrier, followed by lack of technical knowledge (30.7%), weak enforcement (18.2%), and low risk perception (11.3%). Furthermore, 75.0% of respondents indicated that financial capacity influences compliance, 84.1% identified technical expertise as a key factor, and 71.6% highlighted the role of organizational culture.
Objective: This study examined the level of cybersecurity awareness among SMEs in Awka South LGA, Anambra State, and identified the factors influencing compliance with cybersecurity regulations and best practices.
Methods: The study adopted a mixed methods research design. A sample size of 184 respondents was determined using the Taro Yamane formula, drawn from a population of 1,902 registered SMEs in Awka South LGA. A multi-stage sampling procedure was employed to select respondents across seven towns and fourteen business locations. Quantitative data were collected using structured questionnaires and analyzed using descriptive statistics (frequency distributions and percentages). Qualitative data were gathered through six In-Depth Interviews (IDIs) with business owners and managers, analyzed using thematic analysis. The Technology Acceptance Model (TAM) served as the theoretical framework.
Results: The findings revealed that while 40.9% of respondents reported high awareness of basic cybersecurity practices and 47.7% perceived cyber threats as high risk, only 33.0% had ever participated in formal cybersecurity training, and 63.6% lacked formal cybersecurity policies. Regarding compliance, lack of funds (39.8%) was the most frequently cited barrier, followed by lack of technical knowledge (30.7%), weak enforcement (18.2%), and low risk perception (11.3%). Furthermore, 75.0% of respondents affirmed that financial capacity influences compliance, 84.1% affirmed that technical expertise influences compliance, and 71.6% affirmed that organizational culture influences compliance.